What is indicated by an event on an existing log in QRadar that has a Low Level Category of “Unknown”?

A. That event could not be parsed
B. That event arrived out of order from the original device
C. That event was from a device that is not supported by QRadar
D. That the event was parsed, but not mapped to an existing QRadar category

Answer: D

Explanation:

Reference:

https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.dsm.doc/c_DSM_guide_UniversalLEEF_eventmap.html#c_dsm_guide_universalleef_eventmap
